Cyber & Information Security Manager
Role details
Job location
Tech stack
Job description
- Design, own and lead the Cyber and Information Security strategy, aligning it to Yeo Valley's wider business and IT objectives.
- Design, implement, and manage security controls, processes, and technologies that protect the confidentiality, integrity, and availability of information assets.
- Own the Information Security Management System (ISMS), ensuring compliance with relevant frameworks as deemed appropriate.
- Oversee incident response and threat management, leading investigations and coordinating with IT and external partners to contain, resolve, and learn from security incidents.
- Maintain proactive awareness of the external threat landscape, staying informed on emerging risks, vulnerabilities, and trends. Translate this intelligence into actionable improvements to strengthen Yeo Valley's defences.
- Monitor and report on security posture, using metrics and dashboards to inform the business and executive team of risk levels, improvements, and vulnerabilities.
- Define and own the vulnerability management process, ensuring regular assessments, patching, and remediation of security weaknesses across the estate.
- Lead supplier assurance and third-party risk management, ensuring external partners meet Yeo Valley's security requirements.
- Work closely with IT infrastructure and delivery teams to ensure new systems, applications, and solutions are secure by design.
- Create and embed a culture of security awareness, running training, communications, and engagement programmes to upskill colleagues.
- Support business continuity and disaster recovery planning, ensuring security requirements are embedded in wider IT resilience activities. Coach and enable the Cyber Security Engineer to contribute to develop the business continuity plan for cyber incidents.
Requirements
Do you have experience in Supply chain?, * Proven experience in leading or managing information and cyber security operations.
-
Strong knowledge of information security standards, frameworks, and regulations (e.g. ISO27001, NIST, Cyber Essentials Plus, GDPR).
-
Experience developing and implementing security strategies, policies, and controls across hybrid IT environments.
-
Demonstrated ability to manage incidents, risks, and vulnerabilities effectively.
-
Excellent communication and influencing skills, capable of engaging both technical and non-technical stakeholders.
-
Experience managing security suppliers, SOC providers, or MSSPs. Desirable:
-
Experience in manufacturing, FMCG, or supply chain environments.
-
Hands-on knowledge of modern cloud and on-premises security tooling (Microsoft 365 Defender, Sentinel, Azure, Fortinet, etc.).
-
Security certifications (e.g. CISSP, CISM, CompTIA Security+, ISO27001 Lead Implementer).
-
Understanding of disaster recovery, business continuity, and risk management.
Benefits & conditions
Pulled from the full job description
- Free parking
- Company pension
- Cycle to work scheme, We're sure you don't need convincing, but there's a whole host of benefits that we offer. It goes without saying that you'll have access to free parking, top of the range personal protection equipment (PPE) and your own locker. You'll also receive the following:
- Competitive holiday allowance
- non-contributory pension scheme
- life cover
- healthcare cash back plan
- cycle to work scheme
- subsidised Yeo Valley products and services
- preferential rates with our partners
- learning and development opportunities; we're committed to ensuring all of our employees have the chance to grow
Our closing dates are a guide for when the application window should close, although we may close the advert sooner if we can. So, we recommend you get your application in straight away - and don't miss the opportunity to join us!
Unfortunately, we're not able to provide employment sponsorship to candidates at this moment in time.
